Deny Access With URL Rewrite Based On Custom Header

What do we want to achieve?

Given a site, we usually want users to be able to access all resources. In this case, however, we need to deny access to every resource in a specific folder to clients that do not send a specific header and value in their requests.


  • A site created and hosted in IIS.
  • URL Rewrite module installed.

Setting up our Environment

  1. Create a folder. Mine is called “MyURLPractice”
  2. Create a “vars.aspx” file.
  3. Create a child folder. Mine is called “Only-Header”.
  4. Inside this child folder create another “vars.aspx” file.

URL Rewrite deny access based on custom header

This will be our approach:

  • Second, we will create another rule to block access based on that flag.
  1. Select your site and open URL Rewrite module.
  2. Click “View Rewrite Maps” (in here, we will create a static listing).
  3. Add a Rewrite Map and name it as you wish. I named mine “Authorized Clients” (we will need this name later).
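
For reference, here is an added example of a `web.config` that produces the behaviour described above. It is not the configuration from the original post, and it folds the flag check and the block into a single rule instead of two. The header name `X-Custom-Auth` and the map key are assumptions; the map name and folder name are the ones used on this page.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: place in the site root (the "MyURLPractice" folder). -->
<configuration>
  <system.webServer>
    <rewrite>
      <rewriteMaps>
        <!-- Static listing of accepted header values.
             Any value not listed resolves to defaultValue "0". -->
        <rewriteMap name="Authorized Clients" defaultValue="0">
          <!-- Placeholder key: replace with the value your clients send. -->
          <add key="REPLACE-WITH-SHARED-VALUE" value="1" />
        </rewriteMap>
      </rewriteMaps>
      <rules>
        <rule name="Deny Only-Header without authorized header"
              stopProcessing="true">
          <!-- Matches the folder itself and everything beneath it.
               The URL is matched relative to the site root, with no
               leading slash. -->
          <match url="^Only-Header(/|$)" />
          <conditions>
            <!-- HTTP_X_CUSTOM_AUTH is how IIS exposes a request header
                 named X-Custom-Auth (assumed name). The header value is
                 looked up in the map; a missing or unknown value yields
                 "0", so the negated condition is true and the request
                 is blocked. -->
            <add input="{Authorized Clients:{HTTP_X_CUSTOM_AUTH}}"
                 pattern="^1$" negate="true" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Required header missing or not authorized" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The header value acts as a shared secret that travels with every request, so this only restricts access meaningfully when the site is served over HTTPS. Requests to `/vars.aspx` in the site root are unaffected because the rule matches only the `Only-Header` path.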

Test 1:

Request to: “http://localhost:90/vars.aspx”

Test 2:

Request to: “http://localhost:90/vars.aspx”

Test 3:

Request to: “http://localhost:90/Only-Header/vars.aspx”

Test 4:

Request to: “http://localhost:90/Only-Header/vars.aspx”

Test 5:

Request to: “http://localhost:90/Only-Header/vars.aspx”



